1/*2 * Copyright 2000-2001,2004 The Apache Software Foundation.3 * 4 * Licensed under the Apache License, Version 2.0 (the "License");5 * you may not use this file except in compliance with the License.6 * You may obtain a copy of the License at7 * 8 * http://www.apache.org/licenses/LICENSE-2.09 * 10 * Unless required by applicable law or agreed to in writing, software11 * distributed under the License is distributed on an "AS IS" BASIS,12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.13 * See the License for the specific language governing permissions and14 * limitations under the License.15 */1617packageorg.apache.jetspeed.modules.actions.portlets.security;
1819// java util20import java.util.Iterator;
21import java.util.List;
22import java.util.Vector;
2324import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
25import org.apache.jetspeed.om.security.Permission;
26import org.apache.jetspeed.om.security.Role;
27import org.apache.jetspeed.portal.portlets.VelocityPortlet;
28import org.apache.jetspeed.services.JetspeedSecurity;
29import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
30import org.apache.jetspeed.services.logging.JetspeedLogger;
31import org.apache.jetspeed.services.resources.JetspeedResources;
32import org.apache.jetspeed.services.security.JetspeedSecurityException;
33import org.apache.turbine.util.DynamicURI;
34import org.apache.turbine.util.RunData;
35import org.apache.turbine.util.StringUtils;
36import org.apache.velocity.context.Context;
3738/***39 * This action sets up the template context for editing security permissions in the Turbine database40 * for a given role.41 *42 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>43 * @version $Id: RolePermissionUpdateAction.java,v 1.9 2004/03/31 04:49:10 morciuch Exp $44 */45publicclassRolePermissionUpdateActionextendsSecureVelocityPortletAction46 {
47privatestaticfinal String TEMP_ROLE = "tempRole";
4849/***50 * Static initialization of the logger for this class51 */52privatestaticfinalJetspeedLogger logger = JetspeedLogFactoryService.getLogger(RolePermissionUpdateAction.class.getName());
5354/***55 * Build the maximized state content for this portlet. (Same as normal state).56 *57 * @param portlet The velocity-based portlet that is being built.58 * @param context The velocity context for this request.59 * @param rundata The turbine rundata context for this request.60 */61protectedvoid buildMaximizedContext( VelocityPortlet portlet,
62 Context context,
63 RunData rundata )
64 {
65 buildNormalContext( portlet, context, rundata);
66 }
6768/***69 * Build the configure state content for this portlet.70 * TODO: we could configure this portlet with configurable skins, etc..71 *72 * @param portlet The velocity-based portlet that is being built.73 * @param context The velocity context for this request.74 * @param rundata The turbine rundata context for this request.75 */76protectedvoid buildConfigureContext( VelocityPortlet portlet,
77 Context context,
78 RunData rundata )
79 {
8081 buildNormalContext( portlet, context, rundata);
82 }
8384/***85 * Build the normal state content for this portlet.86 *87 * @param portlet The velocity-based portlet that is being built.88 * @param context The velocity context for this request.89 * @param rundata The turbine rundata context for this request.90 */91protectedvoid buildNormalContext( VelocityPortlet portlet,
92 Context context,
93 RunData rundata )
94 {
95try96 {
97Role role = null;
98/*99 * Grab the mode for the user form.100 */101 String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
102103//104// check to see if we are adding a role for a single user105//106 String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
107if (entityid == null || entityid.trim().length() == 0)
108 {
109return;
110 }
111112 buildRolePermissionContext(portlet, context, rundata, entityid);
113114//115// if there was an error, display the message116//117 String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
118if (msgid != null)
119 {
120int id = Integer.parseInt(msgid);
121if (id < SecurityConstants.MESSAGES.length)
122 context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
123 }
124125 }
126catch (Exception e)
127 {
128 logger.error("Error in Jetspeed Role Permission Security", e);
129 rundata.setMessage("Error in Jetspeed Role Permission Security: " + e.toString());
130 rundata.setStackTrace(StringUtils.stackTrace(e), e);
131 rundata.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
132 }
133 }
134135136/***137 * Database Update Action for Security Role Permissions. Performs updates into security database.138 *139 * @param rundata The turbine rundata context for this request.140 * @param context The velocity context for this request.141 */142publicvoid doUpdate(RunData rundata, Context context)
143 throws Exception
144 {
145 String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
146if (entityid == null || entityid.trim().length() == 0)
147 {
148 logger.error("RolePermissionBrowser: Failed to get entity: " + entityid );
149 DynamicURI duri = new DynamicURI (rundata);
150 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE);
151 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER);
152 rundata.setRedirectURI(duri.toString());
153return;
154 }
155Role role = JetspeedSecurity.getRole(entityid);
156if (null == role)
157 {
158 logger.error("RolePermissionBrowser: Failed to get role: " + entityid );
159 DynamicURI duri = new DynamicURI (rundata);
160 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE);
161 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER);
162 rundata.setRedirectURI(duri.toString());
163return;
164 }
165166167try168 {
169 List permissions = (List)rundata.getUser().getTemp(SecurityConstants.CONTEXT_PERMISSIONS);
170 List selected = (List)rundata.getUser().getTemp(SecurityConstants.CONTEXT_SELECTED);
171172if (permissions == null || selected == null)
173 {
174 DynamicURI duri = new DynamicURI (rundata);
175 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE);
176 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER);
177 rundata.setRedirectURI(duri.toString());
178return;
179 }
180181//182// walk thru all the permissions, see if anything changed183// if changed, update the database184//185for (int ix = 0; ix < permissions.size(); ix++)
186 {
187 String permissionName = ((Permission)permissions.get(ix)).getName();
188boolean newValue = rundata.getParameters().getBoolean("box_" + permissionName, false);
189boolean oldValue = ((Boolean)selected.get(ix + 1)).booleanValue();
190if (newValue != oldValue)
191 {
192if (newValue == true)
193 {
194// grant a permission to a role195 JetspeedSecurity.grantPermission(role.getName(), permissionName);
196 }
197else198 {
199// revoke a permission from a role200 JetspeedSecurity.revokePermission(role.getName(), permissionName);
201 }
202 }
203 }
204205// clear the temp values206 rundata.getUser().setTemp(SecurityConstants.CONTEXT_PERMISSIONS, null);
207 rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, null);
208209210 }
211catch (Exception e)
212 {
213// log the error msg214 logger.error("Failed update role+permission", e);
215216//217// error on update - display error message218//219 DynamicURI duri = new DynamicURI (rundata);
220 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE);
221 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
222if (role != null)
223 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, role.getName());
224 rundata.setRedirectURI(duri.toString());
225226 }
227 }
228229/***230 * Build the context for a role browser for a specific user.231 *232 * @param portlet The velocity-based portlet that is being built.233 * @param context The velocity context for this request.234 * @param rundata The turbine rundata context for this request.235 * @param roleName The roleName of the role that we are building a role context for.236 */237privatevoid buildRolePermissionContext(VelocityPortlet portlet,
238 Context context,
239 RunData rundata,
240 String roleName)
241 throws JetspeedSecurityException242 {
243// get master list of permissions244 Iterator master = JetspeedSecurity.getPermissions();
245246// get the user object247Role role = JetspeedSecurity.getRole(roleName);
248if (null == role)
249 {
250// no ACL found251 logger.error("RolePermissionBrowser: Failed to get role: " + roleName);
252return;
253 }
254255// get the permissions for this particular role256 Iterator subset = JetspeedSecurity.getPermissions(roleName);
257258 Vector permissions = new Vector();
259 Vector selected = new Vector();
260boolean sel = false;
261int ix = 0;
262 selected.add(0, new Boolean(sel));
263while(master.hasNext())
264 {
265Permission permission = (Permission) master.next();
266 permissions.add(permission);
267 sel = JetspeedSecurity.hasPermission(roleName, permission.getName());
268 ix = ix + 1;
269 selected.add(ix, new Boolean(sel));
270 }
271 selected.trimToSize();
272 permissions.trimToSize();
273274 rundata.getUser().setTemp(SecurityConstants.CONTEXT_PERMISSIONS, permissions);
275 rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected);
276 context.put(SecurityConstants.CONTEXT_PERMISSIONS, permissions);
277 context.put(SecurityConstants.CONTEXT_SELECTED, selected);
278 context.put(SecurityConstants.CONTEXT_ROLE, role);
279 }
280281282 }